
fail2ban on xcp-ng (Xen server on CentOS) keeps dying

I can't get fail2ban.service to run. It gets killed constantly.

I tried to install fail2ban on an xcp-ng (8.3 alpha2). I installed it from source because the default RHEL repos are turned off and I thought it might be good to have it that way. So I tried from source:

wget https://github.com/fail2ban/fail2ban/archive/refs/tags/1.0.2.tar.gz
tar xzf 1.0.2.tar.gz
cd fail2ban-1.0.2/
sudo python setup.py install

which ran absolutely fine, so I changed /etc/fail2ban/jail.conf to look like this:

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/secure
maxretry = 3
bantime = 1800

Then I created a service that looks like this:

[Unit]
Description=Fail2Ban Service
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x
Restart=always
PrivateDevices=yes
PrivateTmp=yes
ProtectHome=read-only
ProtectSystem=strict
ReadWritePaths=-/var/run/fail2ban
ReadWritePaths=-/var/lib/fail2ban
ReadWritePaths=-/var/log/fail2ban
ReadWritePaths=-/var/spool/postfix/maildrop
ReadWritePaths=/run/xtables.lock
CapabilityBoundingSet=CAP_AUDIT_READ CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_NET_RAW

[Install]
WantedBy=multi-user.target

[Definition]
logtarget = /var/log/fail2ban/fail2ban.log

I started and registered the service via:

sudo systemctl start fail2ban.service
sudo systemctl enable fail2ban.service

but this is where the problems started. According to /var/log/secure I had some IP addresses blocked within a couple of seconds, but the service got killed a couple of times until it ran into a start-limit.

sudo systemctl status fail2ban.service

would show:

fail2ban.service - Fail2Ban Service
   Loaded: loaded (/etc/systemd/system/fail2ban.service; disabled; vendor preset: disabled)
   Active: failed (Result: start-limit) since Fri 2023-05-05 14:49:02 CEST; 6h ago
 Main PID: 3747 (code=exited, status=0/SUCCESS)

Sadly, /var/log/fail2ban.log doesn't help too much:

2023-05-05 14:49:01,357 fail2ban.server         [3737]: INFO    Starting Fail2ban v1.0.2
2023-05-05 14:49:01,357 fail2ban.server         [3737]: INFO    Daemon started
2023-05-05 14:49:01,357 fail2ban.observer       [3737]: INFO    Observer start...
2023-05-05 14:49:01,367 fail2ban.database       [3737]: INFO    Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
2023-05-05 14:49:01,369 fail2ban.jail           [3737]: INFO    Creating new jail 'sshd'
2023-05-05 14:49:01,372 fail2ban.jail           [3737]: INFO    Jail 'sshd' uses poller {}
2023-05-05 14:49:01,372 fail2ban.jail           [3737]: INFO    Initiated 'polling' backend
2023-05-05 14:49:01,375 fail2ban.filter         [3737]: INFO      maxLines: 1
2023-05-05 14:49:01,396 fail2ban.filter         [3737]: INFO      maxRetry: 3
2023-05-05 14:49:01,396 fail2ban.actions        [3737]: INFO      banTime: 1800
2023-05-05 14:49:01,396 fail2ban.filter         [3737]: INFO    Added logfile: '/var/log/secure' (pos = 4204377, hash = 1758915d47afccac75c40307f4f09edc)
2023-05-05 14:49:01,397 fail2ban.jail           [3737]: INFO    Jail 'sshd' started
2023-05-05 14:49:01,423 fail2ban.server         [3737]: INFO    Shutdown in progress...
2023-05-05 14:49:01,423 fail2ban.observer       [3737]: INFO    Observer stop ... try to end queue 5 seconds
2023-05-05 14:49:01,492 fail2ban.observer       [3737]: INFO    Observer stopped, 0 events remaining.
2023-05-05 14:49:01,523 fail2ban.server         [3737]: INFO    Stopping all jails
2023-05-05 14:49:01,523 fail2ban.filter         [3737]: INFO    Removed logfile: '/var/log/secure'
2023-05-05 14:49:01,599 fail2ban.jail           [3737]: INFO    Jail 'sshd' stopped
2023-05-05 14:49:01,599 fail2ban.database       [3737]: INFO    Connection to database closed.
2023-05-05 14:49:01,599 fail2ban.server         [3737]: INFO    Exiting Fail2ban
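The pattern in the question (main process exits with status=0/SUCCESS immediately after "Jail 'sshd' started", Restart=always spins until the start limit trips) is the classic signature of a Type=simple unit whose ExecStart daemonizes: fail2ban-server backgrounds itself unless it is given -f/--foreground, the parent returns 0, and systemd then stops the remaining processes in the service's cgroup. The script below is an added example, not part of the post or of the fail2ban project; it lints a systemd unit for that mismatch and for non-systemd sections pasted into the unit. SAMPLE_UNIT and FIXED_UNIT are constructed inputs modelled on the unit in the post; the -xf flags in FIXED_UNIT are what upstream fail2ban's own unit file passes.

```python
import shlex

SYSTEMD_SECTIONS = {"Unit", "Service", "Install"}

# Constructed sample with the same shape as the unit in the post.
# The trailing [Definition] block is fail2ban.conf syntax, not systemd's.
SAMPLE_UNIT = """\
[Unit]
Description=Fail2Ban Service
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/fail2ban-server -s /var/run/fail2ban/fail2ban.sock -p /var/run/fail2ban/fail2ban.pid -x
Restart=always
ReadWritePaths=-/var/run/fail2ban
ReadWritePaths=-/var/lib/fail2ban

[Install]
WantedBy=multi-user.target

[Definition]
logtarget = /var/log/fail2ban/fail2ban.log
"""

# Constructed sample of the service section with the server kept in the
# foreground (-xf), which is what Type=simple expects.
FIXED_UNIT = """\
[Service]
Type=simple
ExecStart=/usr/bin/fail2ban-server -xf start
Restart=on-failure
"""


def parse_unit(text):
    """Parse a systemd unit into {section: [(key, value), ...]}.

    A hand-rolled parser is used instead of configparser because systemd
    allows the same key to repeat (ReadWritePaths= several times).
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current].append((key.strip(), value.strip()))
    return sections


def runs_in_foreground(exec_start):
    """True if the fail2ban-server command line carries -f/--foreground.

    Short flags may be bundled (-xf), so any single-dash token containing
    'f' counts; option values such as socket paths never start with '-'.
    """
    for tok in shlex.split(exec_start):
        if tok == "--foreground":
            return True
        if tok.startswith("-") and not tok.startswith("--") and "f" in tok[1:]:
            return True
    return False


def check_fail2ban_unit(text):
    """Return a list of findings explaining why the unit would exit 0 and restart."""
    findings = []
    sections = parse_unit(text)
    for name in sections:
        if name not in SYSTEMD_SECTIONS:
            findings.append(
                f"[{name}] is not a systemd section; fail2ban settings belong under /etc/fail2ban/"
            )
    # Last value wins, which is systemd's rule for single-valued keys.
    service = dict(sections.get("Service", []))
    exec_start = service.get("ExecStart", "")
    if "fail2ban-server" in exec_start and not runs_in_foreground(exec_start):
        if service.get("Type", "simple") == "simple":
            findings.append(
                "Type=simple but fail2ban-server daemonizes without -f: the parent exits 0, "
                "systemd treats the service as finished and stops its cgroup "
                "(add -f, or use Type=forking with PIDFile=)"
            )
        restart = service.get("Restart")
        if restart in ("always", "on-success"):
            findings.append(
                f"Restart={restart} repeats the exit-0 cycle until the start limit trips"
            )
    return findings


if __name__ == "__main__":
    for finding in check_fail2ban_unit(SAMPLE_UNIT):
        print("-", finding)
    print("fixed unit findings:", check_fail2ban_unit(FIXED_UNIT))
```

Run it against the real file with `check_fail2ban_unit(open("/etc/systemd/system/fail2ban.service").read())`; the "Shutdown in progress..." line a few milliseconds after jail start in the log above is what the cgroup stop looks like from fail2ban's side.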